276186 matches found

RedHat Linux
added 2026/04/10 9:28 p.m. | 6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libxml2: libxml2-16-2.15.2-0.3.hum1 aarch64, x86_64 libxml2-2.15.2-0.3.hum1 aarch64, x86_64 libxml2-devel-2.15.2-0.3.hum1 aarch64, x86_64 libxml2-static-2.15.2-0.3.hum1 aarch64, x86_64...

CVSS 9.1 | AI score 6.8 | EPSS 0.01437
Exploits 3 | References 15

Snyk
added 2026/04/10 8:59 p.m. | 1 views

Missing Authentication for Critical Function

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication in several HTTP transport endpoints and exposure of sensitive operationa...

CVSS 8.8 | AI score 5.8
Exploits 0 | References 2

Github Security Blog
added 2026/04/10 7:55 p.m. | 8 views

nimiq-blockchain is missing a wall-clock upper bound on block timestamps

Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...

CVSS 8.1 | AI score 5.8 | EPSS 0.00314
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/04/10 7:39 p.m. | 1 views

CVE-2026-40184 Unauthenticated Access to Uploaded Files in TREK

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

CVSS 3.7 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 3

RedHat Linux
added 2026/04/10 6:15 p.m. | 6 views

Important: Red Hat Security Advisory: RHOAI 3.3.1 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.3.1 provides these changes:...

CVSS 9.9 | AI score 5.8 | EPSS 0.0048
Exploits 0 | References 3

NCSC
added 2026/04/10 2:28 p.m. | 10 views

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco Smart Software Manager On-Prem. A malicious party could exploit this vulnerability by inadvertently making an internal service component in Cisco Smart Software Manager On-Prem SSM On-Prem externally accessible. This allows a remote attacker to execute...

CVSS 9.8 | AI score 6 | EPSS 0.00914
Exploits 0 | References 1

OSV
added 2026/04/10 11:16 a.m. | 1 views

DEBIAN-CVE-2026-39304

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

CVSS 7.5 | AI score 5.4 | EPSS 0.00683
Exploits 0 | References 1

RedhatCVE
added 2026/04/10 10:28 a.m. | 5 views

CVE-2021-47960

A flaw was found in Synology SSL VPN Client. This vulnerability allows remote attackers to access sensitive files within the installation directory. By leveraging user interaction with a specially crafted web page, attackers can exploit a local HTTP server bound to the loopback interface to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 2

OSV
added 2026/04/10 10:9 a.m. | 3 views

RHSA-2026:7350 Red Hat Security Advisory: nodejs:24 security update

Bulletin has no description...

CVSS 7.5 | AI score 6.6 | EPSS 0.13066
Exploits 1 | References 100

ATTACKERKB
added 2026/04/10 7:0 a.m. | 1 views

CVE-2026-6031

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00367
Exploits 0 | References 5 | Affected Software 1

ATTACKERKB
added 2026/04/10 2:45 a.m. | 3 views

CVE-2026-6005

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 6.5 | EPSS 0.00196
Exploits 0 | References 5 | Affected Software 1

Chainguard
added 2026/04/10 2:14 a.m. | 6 views

CVE-2025-55674 vulnerabilities

Vulnerabilities for packages: superset...

CVSS 6.5 | AI score 5.9 | EPSS 0.00628
Exploits 0

Fedora
added 2026/04/10 1:11 a.m. | 7 views

[SECURITY] Fedora 42 Update: opensc-0.27.1-1.fc42

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...

CVSS 6.8 | AI score 5.9 | EPSS 0.00282
Exploits 2

OSV
added 2026/04/10 12:51 a.m. | 3 views

CLEANSTART-2026-DK61762 filippo

Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. filippo. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.8 | EPSS 0.00765
Exploits 1 | References 9

Positive Technologies
added 2026/04/10 12:0 a.m. | 4 views

PT-2026-31889

Name of the Vulnerable Software and Affected Versions code-projects Simple IT Discussion Forum version 1.0 Description A flaw exists in code-projects Simple IT Discussion Forum version 1.0 that allows for SQL injection via manipulation of the Category argument in the /add-category-function.php...

CVSS 7.5 | AI score 7 | EPSS 0.00367
Exploits 0 | References 9

Redos
added 2026/04/10 12:0 a.m. | 2 views

ROS-20260410-73-0014

A vulnerability in the cURL server communication software is related to insufficient protection of registration data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 5.3 | AI score 7.3 | EPSS 0.00333
Exploits 1

Tenable Nessus
added 2026/04/10 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-29145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This iss...

CVSS 9.1 | AI score 5.5 | EPSS 0.00715
Exploits 1 | References 3

Positive Technologies
added 2026/04/10 12:0 a.m. | 5 views

PT-2026-31859

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection flaw exists in the /delete-category.php file of Simple IT Discussion Forum version 1.0. Manipulation of the cat id argument can trigger the injection. The attack can be initiat...

CVSS 7.5 | AI score 7.1 | EPSS 0.00254
Exploits 0 | References 10

Atlassian
added 2026/04/09 10:29 p.m. | 22 views

Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Software Data Center

This High severity Improper Authorization vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Software Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a CVSS Vector...

CVSS 8.8 | AI score 6.2 | EPSS 0.01495
Exploits 1

ATTACKERKB
added 2026/04/09 10:15 p.m. | 1 views

CVE-2026-5985

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00254
Exploits 0 | References 5 | Affected Software 1